Team,
I am using an Elastic aggregation to fetch certain values from the Logstash database (index name) search, and the JSON results generate a huge output (currently about 30,000 lines), which is a bit time consuming. I would like to fine-tune it and display one result per search condition only.
For example:
I expect the result to be shown once, like below (currently it is displayed multiple times):
Document submitted: 5
Document retrieved: 5, and so on.
The current curl command looks like below:
RESULT=$(/usr/bin/curl -H 'Content-Type: application/json' -s -k -XGET "http://$ELASTIC_SERVER:$ELASTIC_SERVER_PORT/$INDEX_NAMES/_search" -d '{
  "aggs": {
    "time": {
      "date_histogram": {"field": "@timestamp", "fixed_interval": "5m", "time_zone": "UTC", "min_doc_count": 1, "order": {"_key": "desc"}},
      "aggs": {
        "severity": {
          "terms": {"field": "severity.keyword", "order": {"countervalue": "desc"}, "size": 5},
          "aggs": {
            "countervalue": {"max": {"field": "countervalue"}},
            "check": {
              "terms": {"field": "check.keyword", "order": {"countervalue": "desc"}, "size": 40},
              "aggs": {"countervalue": {"max": {"field": "countervalue"}}}
            }
          }
        }
      }
    }
  },
  "size": 0,
  "_source": {"excludes": []},
  "stored_fields": ["*"],
  "script_fields": {},
  "docvalue_fields": [
    {"field": "@timestamp", "format": "date_time"},
    {"field": "logtimestamp", "format": "date_time"}
  ],
  "query": {
    "bool": {
      "must": [{"range": {"@timestamp": {"gte": '$FROMTIME', "format": "epoch_millis"}}}],
      "filter": [{"bool": {"should": [{"match_phrase": {"clientid": "'$HOST'"}}], "minimum_should_match": 1}}],
      "should": [],
      "must_not": []
    }
  }
}')
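An added example, not part of the post above: the same aggregation request built in Python and serialized with json.dumps(), and a small reducer that walks the nested bucket response and keeps only the newest countervalue per check, so each check prints once. Building the body as a dict also closes the injection point in the shell version, where $HOST and $FROMTIME are spliced verbatim into the query DSL and a client id containing a double quote could rewrite the query. The function names, the constructed SAMPLE_RESPONSE and the client id "client-42" are assumptions; the response layout is the standard Elasticsearch aggregations.<name>.buckets[] shape for nested date_histogram/terms aggregations. The fields that do nothing when size is 0 (_source, stored_fields, script_fields, docvalue_fields) are left out.

```python
import json

# Constructed sample of an Elasticsearch response to the date_histogram > severity > check
# aggregation. Two 5-minute buckets repeat the same checks, which is what multiplies the output.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 4}, "hits": []},
    "aggregations": {"time": {"buckets": [
        {"key_as_string": "2024-01-01T10:05:00.000Z", "key": 1704103500000, "doc_count": 2,
         "severity": {"buckets": [
             {"key": "INFO", "doc_count": 2, "countervalue": {"value": 5.0},
              "check": {"buckets": [
                  {"key": "Document submitted", "doc_count": 1, "countervalue": {"value": 5.0}},
                  {"key": "Document retrieved", "doc_count": 1, "countervalue": {"value": 5.0}},
              ]}}]}},
        {"key_as_string": "2024-01-01T10:00:00.000Z", "key": 1704103200000, "doc_count": 2,
         "severity": {"buckets": [
             {"key": "INFO", "doc_count": 2, "countervalue": {"value": 3.0},
              "check": {"buckets": [
                  {"key": "Document submitted", "doc_count": 1, "countervalue": {"value": 3.0}},
                  {"key": "Document retrieved", "doc_count": 1, "countervalue": {"value": 2.0}},
              ]}}]}},
    ]}},
}


def build_query(host, from_time_ms, severity_size=5, check_size=40):
    """Build the same request as the post's curl body, as a dict (assumed helper name).

    Because the values are placed into a dict and then serialized, the client id is
    always emitted as a quoted, escaped JSON string and the timestamp as a number;
    neither can alter the structure of the query DSL.
    """
    return {
        "size": 0,
        "query": {"bool": {
            "must": [{"range": {"@timestamp": {"gte": int(from_time_ms), "format": "epoch_millis"}}}],
            "filter": [{"bool": {"should": [{"match_phrase": {"clientid": str(host)}}],
                                 "minimum_should_match": 1}}],
        }},
        "aggs": {"time": {
            "date_histogram": {"field": "@timestamp", "fixed_interval": "5m", "time_zone": "UTC",
                               "min_doc_count": 1, "order": {"_key": "desc"}},
            "aggs": {"severity": {
                "terms": {"field": "severity.keyword", "order": {"countervalue": "desc"}, "size": severity_size},
                "aggs": {
                    "countervalue": {"max": {"field": "countervalue"}},
                    "check": {
                        "terms": {"field": "check.keyword", "order": {"countervalue": "desc"}, "size": check_size},
                        "aggs": {"countervalue": {"max": {"field": "countervalue"}}},
                    },
                },
            }},
        }},
    }


def query_body(host, from_time_ms):
    """Serialized request body, the string you would hand to curl -d or requests.post(data=...)."""
    return json.dumps(build_query(host, from_time_ms))


def latest_per_check(response):
    """Collapse the nested buckets to one value per check.

    The histogram is ordered newest bucket first ("_key": "desc"), so the first time a
    check key is seen is its most recent value; the same key in older buckets is skipped.
    Returns {check: max countervalue} in first-seen order.
    """
    seen = {}
    for time_bucket in response["aggregations"]["time"]["buckets"]:
        for sev_bucket in time_bucket["severity"]["buckets"]:
            for check_bucket in sev_bucket["check"]["buckets"]:
                key = check_bucket["key"]
                if key not in seen:
                    seen[key] = check_bucket["countervalue"]["value"]
    return seen


def format_lines(per_check):
    """Render '<check>: <value>' lines, showing integral max values without a trailing .0."""
    lines = []
    for check, value in per_check.items():
        shown = int(value) if float(value).is_integer() else value
        lines.append(f"{check}: {shown}")
    return lines


if __name__ == "__main__":
    print(query_body("client-42", 1704100000000))  # constructed client id and start time
    for line in format_lines(latest_per_check(SAMPLE_RESPONSE)):
        print(line)
```

Run against a real response, replace SAMPLE_RESPONSE with json.loads() of the curl output; the reducer only depends on the aggregation names used in the query (time, severity, check, countervalue).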